How to Enable WordPress Auto-Updates for Security

This post explains why automatic updates matter for WordPress security. It shows how to set up auto-updates for WordPress core, installed plugins, and themes by editing the wp-config.php file, and notes that outdated files invite hackers. It also highlights directory permission as a key aspect in successful updates,…

By default, WordPress is designed to update itself automatically when updates are available. Therefore, the one thing you must do for WordPress to update itself is verify that the WordPress installation directory has the correct file permissions for the web server user.

How can one configure a WordPress site to auto-update if it’s not already enabled?

WordPress blogs and websites get hacked due to outdated plugins, themes, and WordPress files. If every WordPress site online today configured auto-updates, successful WordPress hacks would drop dramatically.

These outdated plugins and themes open the door to potential hackers who quickly take over these obsolete sites. Once the sites are compromised, they can be used to attack other legitimate sites or distribute viruses and spyware programs.

This brief tutorial shows students and users how to configure WordPress to update automatically and keep hackers from taking over their WordPress blogs and websites.

Turn on the WordPress auto-updating feature.

To ensure your sites are up to date, open the WordPress wp-config.php file and insert the code below. Place the highlighted code just above the line:

/* That's all, stop editing! Happy blogging. */

Open the WordPress wp-config.php file by running the command below.

sudo nano /var/www/html/wp-config.php

The file may be in a different directory on your system, but the location above is the usual default on most Linux systems.

/* Auto Update WordPress Core */
define( 'WP_AUTO_UPDATE_CORE', true );

/* That's all, stop editing! Happy blogging. */

Save the file, and you’re done.

Automatically Update WordPress Plugins

Plugins installed from the WordPress directory will always alert you when updates are available. However, these plugins will not automatically install newer updates, even if they’re essential and critical.

The majority of WordPress security vulnerabilities can be attributed to outdated plugins. To protect your sites, make sure to update your installed plugins constantly. To make that easier, turn on automatic updates of all plugins.

To do that, add the line of code below to the WordPress wp-config.php file. First, run the command below to open the file.

sudo nano /var/www/html/wp-config.php

Then, add the code below.

add_filter( 'auto_update_plugin', '__return_true' );

Save the file, and you’re done.

Automatically Update WordPress Themes

Another step is to configure WordPress to update installed themes automatically. Again, when you install themes from the WordPress directory, they will allow you to update them when updates are available.

One thing to remember is that any changes you made to the theme might be erased after updating. That’s why creating child themes is recommended.

To automatically update installed WordPress themes, open the WordPress wp-config.php file with the command below.

sudo nano /var/www/html/wp-config.php

Then, add the code below to the file and save it.

add_filter( 'auto_update_theme', '__return_true' );

That’s it! Implementing these three steps might help prevent hackers from compromising your sites.

If your WordPress directory permission isn’t correctly configured, WordPress won’t be able to update. Make sure the web server user has the appropriate rights to the directory.

This can be accomplished by running the commands below on Ubuntu servers:

sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html

Restart apache2, and you’re done.
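
To confirm the result of the steps above, here is a read-only audit script, added as an example and not part of the original post. The function name wp_autoupdate_audit and the demo tree are hypothetical; the script checks wp-config.php for the three settings, then checks ownership and world-writable paths.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of the steps above.
# wp_autoupdate_audit <wordpress-dir> [web-user]  -- hypothetical helper name.
wp_autoupdate_audit() {
    root=$1; web_user=${2:-www-data}; cfg="$root/wp-config.php"; rc=0
    [ -f "$cfg" ] || { echo "FAIL no wp-config.php in $root"; return 2; }

    # Anchoring at line start skips settings commented out with // or #.
    s='[[:space:]]*'; q="['\"]"
    if grep -Eq "^${s}define\(${s}${q}WP_AUTO_UPDATE_CORE${q}${s},${s}true${s}\)" "$cfg"
    then echo "OK   core auto-update enabled"
    else echo "FAIL WP_AUTO_UPDATE_CORE is not set to true"; rc=1; fi

    for hook in auto_update_plugin auto_update_theme; do
        if grep -Eq "^${s}add_filter\(${s}${q}${hook}${q}${s},${s}${q}__return_true${q}" "$cfg"
        then echo "OK   $hook filter present"
        else echo "FAIL $hook filter missing"; rc=1; fi
    done

    # The updater runs as the web server user, so that user must own the tree.
    n=$(find "$root" ! -user "$web_user" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then echo "OK   tree owned by $web_user"
    else echo "FAIL $n paths not owned by $web_user"; rc=1; fi

    # Mode 755 never grants write access to "other"; world-writable paths are drift.
    n=$(find "$root" -perm -0002 ! -type l | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then echo "OK   nothing world-writable"
    else echo "FAIL $n world-writable paths"; rc=1; fi
    return $rc
}

# Constructed demo tree so the example runs offline (current uid stands in for www-data).
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads"
cat > "$demo/wp-config.php" <<'EOF'
<?php
define( 'WP_AUTO_UPDATE_CORE', true );
// add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );
EOF
chmod 777 "$demo/wp-content/uploads"
wp_autoupdate_audit "$demo" "$(id -u)" || echo "audit exit status: $?"
rm -rf "$demo"
```

On a real server, call it as wp_autoupdate_audit /var/www/html. The filter check only looks in wp-config.php, where this tutorial places the lines, so filters registered from a plugin file are not detected.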

Please add to this if you have better ways to protect WordPress sites.

Thanks

Richard